Amendments to the Claims

Claim 1 (currently amended): A computer program product embodied on computer-readable media readable by a computing system in a computing environment, for enforcing security policy using style sheet processing, comprising:

computer-readable program code means for obtaining an input document;

computer-readable program code means for obtaining a Document Type Definition (DTD) that defines elements of said input document, wherein: (1) an attribute of at least one element defined in said DTD has been augmented with one or more references to one of a plurality of stored policy enforcement objects; (2) more than one of said references may reference a single stored policy enforcement object; and (3) each of said stored policy enforcement objects specifies a visibility policy for said referencing element or elements, said visibility policy identifying an encryption requirement for all elements having that visibility policy and a community whose members are authorized to view those elements;

computer-readable program code means for applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and

computer-readable program code means for creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables each community member authorized to view that element to use key distribution material associated with the output document when decrypting the encrypted element.

Claim 2 (currently amended): The computer program product according to Claim 1, wherein said markup notation in said interim transient document comprises encryption tags of a markup language.

Claim 3 (original): The computer program product according to Claim 1 , wherein said input 
document is specified in an Extensible Markup Language (XML) notation. 



Claim 4 (original): The computer program product according to Claim 3, wherein said output document is specified in said XML notation.
Claim 5 (currently amended): The computer program product according to Claim 1, wherein said stored policy enforcement objects further comprise computer-readable program code means for overriding a method for evaluating said elements of said input document, and wherein said computer-readable program code means for applying said one or more style sheets further comprises computer-readable program code means for invoking said computer-readable program code means for overriding, thereby causing said markup notation to be added.

Claim 6 (original): The computer program product according to Claim 5, wherein said style 
sheets are specified in an Extensible Stylesheet Language (XSL) notation. 

Claim 7 (original): The computer program product according to Claim 6, wherein said method is 
a value-of method of said XSL notation, and wherein said computer-readable program code 
means for overriding said value-of method is by subclassing said value-of method. 

Claim 8 (currently amended): The computer program product according to Claim 5 or Claim 7, wherein:

said overriding method comprises:

computer-readable program code means for generating said markup notation as encryption tags; and

computer-readable program code means for inserting said generated encryption tags into said interim transient document to surround elements of said interim transient document for which said visibility policy of said elements in said input document has said non-null encryption requirement; and

said computer-readable program code means for creating said output document further comprises computer-readable program code means for encrypting those elements surrounded by said inserted encryption tags.
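The marking pass that Claims 1, 5 to 8 and 21 describe, written as an added Python example; it is not code from the application or its applicant. It assumes Python's xml.etree, whose expat parser fills in the DTD's default attribute values, so the DTD-side augmentation is a #FIXED "policy" attribute on the elements concerned. The policy store, the element names and the encrypt tag name are constructed for the example, and an ordinary tree walk stands in for the subclassed XSL value-of method. The wrap_tags switch shows both forms of Claim 21: surrounding the value and its tags, or only the value.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class VisibilityPolicy:
    """A stored policy enforcement object as the claims describe it (constructed here)."""
    encryption: Optional[str]   # algorithm identifier; None means no encryption requirement
    community: str              # community whose members are authorized to view the element


# Constructed policy store, keyed by the name the DTD attribute references.
POLICIES = {
    "hr-confidential": VisibilityPolicy("aes-128-cbc", "hr"),
    "public": VisibilityPolicy(None, "everyone"),
}

# Constructed input document. The internal DTD subset augments <office>, <salary> and <ssn>
# with a #FIXED "policy" attribute; expat applies DTD attribute defaults while parsing, so
# the reference shows up on every parsed element without touching the instance markup.
INPUT_XML = """<!DOCTYPE employee [
<!ELEMENT employee (name, office, salary, ssn)>
<!ELEMENT name (#PCDATA)>
<!ELEMENT office (#PCDATA)>
<!ELEMENT salary (#PCDATA)>
<!ELEMENT ssn (#PCDATA)>
<!ATTLIST office policy CDATA #FIXED "public">
<!ATTLIST salary policy CDATA #FIXED "hr-confidential">
<!ATTLIST ssn policy CDATA #FIXED "hr-confidential">
]>
<employee><name>Ann Example</name><office>B-12</office>
<salary>100000</salary><ssn>123-45-6789</ssn></employee>"""


def mark_for_encryption(root, policies, wrap_tags=True):
    """Stand-in for the overridden value-of step: surround each element whose DTD-supplied
    policy reference resolves to a non-null encryption requirement with an <encrypt> tag.
    wrap_tags=True surrounds value and tags; wrap_tags=False surrounds only the value."""
    parent_of = {child: parent for parent in root.iter() for child in parent}
    for elem in list(root.iter()):            # snapshot: the tree is mutated while walking
        ref = elem.get("policy")
        policy = policies.get(ref) if ref else None
        if policy is None or policy.encryption is None:
            continue                          # unreferenced or null requirement: leave as is
        tag = ET.Element("encrypt", {"policy": ref, "community": policy.community})
        if wrap_tags and elem in parent_of:
            parent = parent_of[elem]
            index = list(parent).index(elem)
            parent.remove(elem)
            tag.append(elem)
            tag.tail, elem.tail = elem.tail, None   # keep surrounding whitespace in place
            parent.insert(index, tag)
        else:
            tag.text, elem.text = elem.text, None   # move only the value inside the tag
            elem.insert(0, tag)
    return root


def interim_document(xml_text, wrap_tags=True):
    """Parse the input document (DTD defaults included) and return the interim transient
    document as a string."""
    root = mark_for_encryption(ET.fromstring(xml_text), POLICIES, wrap_tags)
    return ET.tostring(root, encoding="unicode")


def marked_elements(xml_text, wrap_tags=True):
    """Check helper: which elements the interim document marks, with community and value."""
    root = ET.fromstring(interim_document(xml_text, wrap_tags))
    parent_of = {child: parent for parent in root.iter() for child in parent}
    marked = {}
    for tag in root.iter("encrypt"):
        elem = tag[0] if wrap_tags else parent_of[tag]
        marked[elem.tag] = (tag.get("community"), tag[0].text if wrap_tags else tag.text)
    return marked


if __name__ == "__main__":
    print(interim_document(INPUT_XML))
    print(interim_document(INPUT_XML, wrap_tags=False))
```

Note that the office element carries a policy reference but is left untouched, because the referenced object has a null encryption requirement; the name element is never referenced and is also left in the clear. That is exactly the distinction the later encryption step relies on.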

Claim 9 (canceled) 

Claim 10 (currently amended): The computer program product according to Claim 1, wherein said encryption requirement further comprises specification of an encryption algorithm to be used when encrypting elements having that visibility policy.

Claim 11 (currently amended): The computer program product according to Claim 1, wherein said encryption requirement further comprises specification of an encryption algorithm strength value to be used when encrypting elements having that visibility policy.

Claim 12 (currently amended): The computer program product according to Claim 1, wherein said computer-readable program code means for creating said output document further comprises:

computer-readable program code means for generating a distinct symmetric key for each unique one of said communities identified by said visibility policy in said stored policy objects for each of said elements of said input document; and

computer-readable program code means for encrypting said distinct symmetric keys separately for each of said members of said community for which said symmetric key was generated, thereby creating member-specific versions of each of said distinct symmetric keys.

Claim 13 (currently amended): The computer program product according to Claim 12, wherein said computer-readable program code means for encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions.

Claim 14 (currently amended): The computer program product according to Claim 1, wherein said encrypted elements in said created output document are encrypted using a cipher block chaining mode encryption process.
Claim 15 (currently amended): The computer program product according to Claim 12, further comprising:

computer-readable program code means for creating a key class for each of said unique communities, wherein said key class is associated with each of said encrypted elements of said output document for which members of this unique community are authorized viewers, and wherein said key class comprises: (1) an encryption algorithm identifier and key length used when encrypting said associated encrypted elements; (2) an identifier of each member of said unique community; and (3) one of said member-specific versions of said encrypted symmetric key for each of said identified community members.

Claim 16 (currently amended): The computer program product according to Claim 12, further comprising:

computer-readable program code means for decrypting, for an individual user or process, only those encrypted elements in said output document for which said individual user or process is one of said authorized community members, comprising:

computer-readable program code means for determining zero or more of said communities of which said individual user or process is one of said members;

computer-readable program code means for decrypting, for each of said determined communities, said member-specific version of said symmetric key, thereby creating a decrypted key; and

computer-readable program code means for decrypting selected ones of said encrypted elements in said output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said determined communities.

Claim 17 (currently amended): The computer program product according to Claim 15, wherein said computer-readable program code means for encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions, and further comprising:

computer-readable program code means for decrypting, for an individual user or process, only those encrypted elements in said output document for which said individual user or process is one of said authorized community members, comprising:

computer-readable program code means for determining zero or more of said key classes which identify said individual user or process as one of said members;

computer-readable program code means for decrypting, for each of said determined key classes, said member-specific version of said encrypted symmetric key, using a private key of said individual user or process, thereby creating a decrypted key; and

computer-readable program code means for decrypting selected ones of said encrypted elements in said output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said determined key classes.
Claim 18 (currently amended): The computer program product according to Claim 16 or Claim 17, further comprising computer-readable program code means for substituting a predetermined substitute text message for any of said encrypted elements in said output document which cannot be decrypted for said individual user or process.
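The key handling of Claims 12 to 18 carried through end to end, as an added example that is not the application's code. Everything cryptographic in it is a constructed stand-in so that it runs offline with the standard library alone: a 4-round Feistel network over SHA-256 plays the block cipher inside the cipher block chaining mode of Claim 14, and textbook RSA on three-digit primes plays the member public keys of Claims 13 and 17; a deployment would use AES and a real public-key library. The data model follows the claims: one random symmetric key per unique community (Claim 12), a key class per community carrying the algorithm identifier, key length, member identifiers and member-specific wrapped keys (Claim 15), and a client that unwraps only the keys of the classes listing it, decrypts only those elements, and substitutes fixed text for the rest (Claims 16 to 18). The member names, primes, policies and interim document are constructed.

```python
import hashlib
import os
from collections import namedtuple

BLOCK = 8  # toy block size in bytes

# Toy primitives, constructed for this example. A 4-round Feistel network with a SHA-256
# round function stands in for a real block cipher such as AES; the CBC layer above it is real.
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _feistel(block, key, rounds):
    left, right = block[:4], block[4:]
    for rnd in rounds:
        left, right = right, _xor(left, hashlib.sha256(key + bytes([rnd]) + right).digest()[:4])
    return right + left  # undo the final swap so the same network, run backwards, decrypts

def cbc_encrypt(plaintext, key):
    """Cipher block chaining (Claim 14) with PKCS#7 padding and a fresh random IV."""
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad
    iv, out = os.urandom(BLOCK), b""
    prev = iv
    for i in range(0, len(data), BLOCK):
        prev = _feistel(_xor(data[i:i + BLOCK], prev), key, range(4))
        out += prev
    return iv, out

def cbc_decrypt(iv, ciphertext, key):
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        out += _xor(_feistel(ciphertext[i:i + BLOCK], key, reversed(range(4))), prev)
        prev = ciphertext[i:i + BLOCK]
    pad = out[-1]
    if not 1 <= pad <= BLOCK or out[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return out[:-pad]

# Textbook RSA on three-digit primes, one byte per block: it only illustrates "wrap the
# symmetric key under each member's public key" and offers no security at all.
def rsa_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public, private)
def rsa_wrap(key, public):
    return [pow(b, public[1], public[0]) for b in key]
def rsa_unwrap(wrapped, private):
    return bytes(pow(c, private[1], private[0]) for c in wrapped)

# Stored policy enforcement object: algorithm identifier (None = no requirement) and community.
VisibilityPolicy = namedtuple("VisibilityPolicy", "encryption community")
# Key distribution material for one community (Claim 15): algorithm, key length, member ids,
# and a member-specific wrapped version of the community key for each member.
KeyClass = namedtuple("KeyClass", "community algorithm key_bits members wrapped_keys")
SUBSTITUTE = "[encrypted: not authorized]"

def create_output_document(interim, policies, communities, public_keys):
    # interim: (element, text, policy reference or None) triples left by the style-sheet pass.
    keys, key_classes, elements = {}, {}, []
    for name, text, ref in interim:
        policy = policies.get(ref) if ref else None
        if policy is None or policy.encryption is None:
            elements.append({"name": name, "text": text})  # stays in the clear
            continue
        comm = policy.community
        if comm not in keys:  # one random symmetric key per unique community (Claim 12)
            keys[comm] = os.urandom(16)
            key_classes[comm] = KeyClass(comm, policy.encryption, 128, communities[comm],
                {m: rsa_wrap(keys[comm], public_keys[m]) for m in communities[comm]})
        iv, ct = cbc_encrypt(text.encode(), keys[comm])
        elements.append({"name": name, "community": comm, "iv": iv.hex(), "ciphertext": ct.hex()})
    return {"elements": elements, "key_classes": list(key_classes.values())}

def render_for_user(output, user, private_key):
    # Client side (Claims 16 to 18): unwrap only the keys of classes that list this user.
    keys = {kc.community: rsa_unwrap(kc.wrapped_keys[user], private_key)
            for kc in output["key_classes"] if user in kc.members}
    rendered = []
    for el in output["elements"]:
        if "ciphertext" not in el:
            rendered.append((el["name"], el["text"]))
        elif el["community"] in keys:
            plain = cbc_decrypt(bytes.fromhex(el["iv"]), bytes.fromhex(el["ciphertext"]),
                                keys[el["community"]])
            rendered.append((el["name"], plain.decode()))
        else:
            rendered.append((el["name"], SUBSTITUTE))  # cannot be decrypted for this user
    return rendered

# Constructed sample: three members with toy RSA keys, two communities, one interim document.
PRIMES = {"alice": (1009, 1013), "bob": (1019, 1021), "carol": (1031, 1033)}
KEYS = {m: rsa_keypair(p, q) for m, (p, q) in PRIMES.items()}
COMMUNITIES = {"hr": ["alice", "bob"], "clinicians": ["carol"]}
POLICIES = {"hr-confidential": VisibilityPolicy("toy-feistel-cbc", "hr"),
            "medical": VisibilityPolicy("toy-feistel-cbc", "clinicians"),
            "public": VisibilityPolicy(None, "everyone")}
INTERIM = [("name", "Ann Example", None), ("office", "B-12", "public"),
           ("salary", "100000", "hr-confidential"), ("diagnosis", "seasonal allergies", "medical")]

def demo():
    # Encrypt once, then render the same output document for each member with their private key.
    output = create_output_document(INTERIM, POLICIES, COMMUNITIES, {m: k[0] for m, k in KEYS.items()})
    return {m: render_for_user(output, m, KEYS[m][1]) for m in KEYS}
```

Two properties worth checking on any real implementation of this scheme survive even in the toy: the output document carries no per-element key, only per-community keys wrapped once per member, so adding a member to a community means adding one wrapped key to one key class rather than re-encrypting elements; and a member outside a community sees the substitute text rather than a decryption error, because the key class tells the client in advance which elements it can open.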

Claim 19 (original): The computer program product according to Claim 1, wherein said DTD is replaced by a schema.

Claim 20 (currently amended): The computer program product according to Claim 1, wherein said encryption requirement further comprises specification of an encryption key length.

Claim 21 (original): The computer program product according to Claim 8, wherein said inserted 
encryption tags may surround either values of said elements or values and tags of said elements. 

Serial No. 09/422,430                                Docket RSW9-99-073

Claim 22 (currently amended): A system for enforcing security policy using style sheet processing in a computing environment, comprising:

an input document;

a Document Type Definition (DTD) that defines elements of said input document, wherein: (1) an attribute of at least one element defined in said DTD has been augmented with one or more references to one of a plurality of stored policy enforcement objects; (2) more than one of said references may reference a single stored policy enforcement object; and (3) each of said stored policy enforcement objects specifies a visibility policy for said referencing element or elements, said visibility policy identifying an encryption requirement for all elements having that visibility policy and a community whose members are authorized to view those elements;

means for applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and

means for creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables each community member authorized to view that element to use key distribution material associated with the output document when decrypting the encrypted element.
Claim 23 (currently amended): The system according to Claim 22, wherein said markup notation in said interim transient document comprises encryption tags of a markup language.

Claim 24 (original): The system according to Claim 22, wherein said input document is specified 
in an Extensible Markup Language (XML) notation. 

Claim 25 (original): The system according to Claim 24, wherein said output document is 
specified in said XML notation. 

Claim 26 (currently amended): The system according to Claim 22, wherein said stored policy enforcement objects further comprise means for overriding a method for evaluating said elements of said input document, and wherein said means for applying said one or more style sheets further comprises means for invoking said means for overriding, thereby causing said markup notation to be added.

Claim 27 (original): The system according to Claim 26, wherein said style sheets are specified in 
an Extensible Stylesheet Language (XSL) notation. 

Claim 28 (original): The system according to Claim 27, wherein said method is a value-of method 
of said XSL notation, and wherein said means for overriding said value-of method is by 
subclassing said value-of method. 
Claim 29 (currently amended): The system according to Claim 26 or Claim 28, wherein:

said overriding method comprises:

means for generating said markup notation as encryption tags; and

means for inserting said generated encryption tags into said interim transient document to surround elements of said interim transient document for which said visibility policy of said elements in said input document has said non-null encryption requirement; and

said means for creating said output document further comprises means for encrypting those elements surrounded by said inserted encryption tags.

Claim 30 (canceled) 

Claim 31 (currently amended): The system according to Claim 22, wherein said encryption requirement further comprises specification of an encryption algorithm to be used when encrypting elements having that visibility policy.

Claim 32 (currently amended): The system according to Claim 22, wherein said encryption requirement further comprises specification of an encryption algorithm strength value to be used when encrypting elements having that visibility policy.
Claim 33 (currently amended): The system according to Claim 22, wherein said means for creating said output document further comprises:

means for generating a distinct symmetric key for each unique one of said communities identified by said visibility policy in said stored policy objects for each of said elements of said input document; and

means for encrypting said distinct symmetric keys separately for each of said members of said community for which said symmetric key was generated, thereby creating member-specific versions of each of said distinct symmetric keys.

Claim 34 (currently amended): The system according to Claim 33, wherein said means for encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions.

Claim 35 (currently amended): The system according to Claim 22, wherein said encrypted elements in said created output document are encrypted using a cipher block chaining mode encryption process.
Claim 36 (currently amended): The system according to Claim 33, further comprising:

means for creating a key class for each of said unique communities, wherein said key class is associated with each of said encrypted elements of said output document for which members of this unique community are authorized viewers, and wherein said key class comprises: (1) an encryption algorithm identifier and key length used when encrypting said associated encrypted elements; (2) an identifier of each member of said unique community; and (3) one of said member-specific versions of said encrypted symmetric key for each of said identified community members.

Claim 37 (currently amended): The system according to Claim 33, further comprising:

means for decrypting, for an individual user or process, only those encrypted elements in said output document for which said individual user or process is one of said authorized community members, comprising:

means for determining zero or more of said communities of which said individual user or process is one of said members;

means for decrypting, for each of said determined communities, said member-specific version of said symmetric key, thereby creating a decrypted key; and

means for decrypting selected ones of said encrypted elements in said output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said determined communities.

Claim 38 (currently amended): The system according to Claim 36, wherein said means for encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions, and further comprising:

means for decrypting, for an individual user or process, only those encrypted elements in said output document for which said individual user or process is one of said authorized community members, comprising:

means for determining zero or more of said key classes which identify said individual user or process as one of said members;

means for decrypting, for each of said determined key classes, said member-specific version of said encrypted symmetric key, using a private key of said individual user or process, thereby creating a decrypted key; and

means for decrypting selected ones of said encrypted elements in said output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said determined key classes.

Claim 39 (currently amended): The system according to Claim 37 or Claim 38, further comprising means for substituting a predetermined substitute text message for any of said encrypted elements in said output document which cannot be decrypted for said individual user or process.

Claim 40 (original): The system according to Claim 22, wherein said DTD is replaced by a 
schema. 
Claim 41 (currently amended): The system according to Claim 22, wherein said encryption requirement further comprises specification of an encryption key length.

Claim 42 (original): The system according to Claim 29, wherein said inserted encryption tags may 
surround either values of said elements or values and tags of said elements. 

Claim 43 (currently amended): A method for enforcing security policy using style sheet processing in a computing environment, comprising the steps of:

providing an input document;

providing a Document Type Definition (DTD) that defines elements of said input document, wherein: (1) an attribute of at least one element defined in said DTD has been augmented with one or more references to one of a plurality of stored policy enforcement objects; (2) more than one of said references may reference a single stored policy enforcement object; and (3) each of said stored policy enforcement objects specifies a visibility policy for said referencing element or elements, said visibility policy identifying an encryption requirement for all elements having that visibility policy and a community whose members are authorized to view those elements;

applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and

creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables each community member authorized to view that element to use key distribution material associated with the output document when decrypting the encrypted element.

Claim 44 (currently amended): The method according to Claim 43, wherein said markup notation
in said interim transient document comprises one or more encryption tags identifying elements
needing encryption of a markup language.

Claim 45 (original): The method according to Claim 43, wherein said input document is specified 
in an Extensible Markup Language (XML) notation. 

Claim 46 (original): The method according to Claim 45, wherein said output document is 
specified in said XML notation. 

Claim 47 (currently amended): The method according to Claim 43, wherein said stored policy
enforcement objects further comprise executable code for overriding a method for evaluating said
elements of said input document, and wherein said executing selected ones applying step further
comprises overriding said method for evaluating, thereby causing said markup notation to be
added.

Claim 48 (original): The method according to Claim 47, wherein said style sheets are specified in
an Extensible Stylesheet Language (XSL) notation.

Claim 49 (original): The method according to Claim 48, wherein said method is a value-of 
method of said XSL notation, and wherein said step of overriding said value-of method is by 
subclassing said value-of method. 

Claim 50 (currently amended): The method according to Claim 47 or Claim 49, wherein:
said step of overriding further comprises the steps of:

generating said markup notation as encryption tags; and

inserting said generated encryption tags into said interim transient document to
surround elements of said interim transient document for which said visibility policy of said
elements in said input document have said non-null are determined to require encryption
requirement; and

said step of creating said output document further comprises the step of encrypting
selected elements encrypts those elements surrounded by said inserted encryption tags.

Claim 51 (canceled) 
Claim 52 (currently amended): The method according to Claim 51, wherein Claim 43, wherein
said encryption requirement further comprises specification of an encryption algorithm to be used
when encrypting elements having that policy.

Claim 53 (currently amended): The method according to Claim 51, wherein Claim 43, wherein
said encryption requirement further comprises specification of an encryption algorithm strength
value to be used when encrypting elements having that policy.

Claim 54 (currently amended): The method according to Claim 51, wherein Claim 43, wherein
said step of creating said output document further comprises the steps of:

generating a distinct symmetric key for each unique one of said communities identified by
said visibility policy in said stored policy objects for each of said elements of said input document;
and

said step of encrypting said distinct symmetric encryption keys further comprises the step
of encrypting a different version of each of said random encryption keys separately for each of
one or more said members of each of zero or more of said communities community for which uses
said encryption symmetric key was generated, thereby creating member-specific versions of each
of said distinct symmetric keys, and wherein each of said different versions is encrypted using a
public key of said community member for which said different version was encrypted.

Claim 55 (currently amended): The method according to Claim 51, wherein said encryption
requirement may have a null value to indicate that said specified security policy does not require
encryption Claim 54, wherein said step of encrypting each of said distinct symmetric keys
separately for each of said members uses a public key of said community member as input when
creating each of said member-specific versions.

Claim 56 (currently amended): The method according to Claim 43, wherein said step of
encrypting selected encrypted elements in said created output document are encrypted using uses
a cipher block chaining mode encryption process.

Claim 57 (currently amended): The method according to Claim 54, further comprising the step
of:

creating a key class for each of said unique community communities, wherein said key
class is associated with each of said encrypted elements of said output document for which
members of this unique community is an are authorized viewer viewers, and wherein said key
class comprises: (1) a strongest an encryption algorithm identifier and key length used when
encrypting requirement of said associated encrypted elements; (2) an identifier of each member of
said unique community; and (3) one of said different member-specific versions of said encrypted
symmetric encryption key for each of said identified community members; and

wherein:

said step of generating said one or more random encryption keys generates a
particular one of said random encryption keys for each of said key classes, and wherein each of
said different versions in a particular key class is encrypted from said generated encryption key
generated for said key class; and
said step of encrypting selected elements uses that one of said particular random
encryption keys which was generated for said key class with which said selected element is
associated.

Claim 58 (currently amended): The method according to Claim 54, further comprising the step of
wherein:

said step of decrypting, for an individual user or process, only those encrypted elements in
said output document for which said individual user or process is one of said authorized
community members, further comprises comprising the steps of:

determining zero or more of said communities of which said individual user or
process is one of said members;

decrypting, for each of said determined communities, said different member-specific
version of said random encryption symmetric key which was encrypted using said public key of
said one member, wherein said step of decrypting uses a private key of said one member which is
associated with said public key which was used for encryption, thereby creating a decrypted key;
and

decrypting selected ones of said encrypted elements in said output document using
said decrypted keys, wherein said selected ones of said encrypted elements are those which were
encrypted for one of said determined communities; and

said step of rendering further comprises the step of:

rendering said decrypted selected ones and said other unencrypted elements.
Claim 59 (currently amended): The method according to Claim 57, wherein said step of encrypting
each of said distinct symmetric keys separately for each of said members uses a public key of said
community member as input when creating each of said member-specific versions and further
comprising the step of:

said step of decrypting, for an individual user or process, only those encrypted elements in
said output document for which said individual user or process is one of said authorized
community members, further comprises comprising the steps of:

determining zero or more of said key classes which identify said individual user or
process as one of said members;

decrypting, for each of said determined key classes, said different member-specific
version of said random encryption encrypted symmetric key, using key in said key class which was
encrypted using said public key of said one member, wherein said step of decrypting uses a private
key of said individual user or process, one member which is associated with said public key which
was used for encryption, thereby creating a decrypted key; and

decrypting selected ones of said encrypted elements in said output document using
said decrypted keys, wherein said selected ones of said encrypted elements are those which were
encrypted for one of said determined key classes, and

said step of rendering further comprises the step of:

rendering said decrypted selected ones and said other unencrypted elements.

Claim 60 (currently amended): The method according to Claim 58 or Claim 59, wherein said step
of rendering further comprises further comprising the step of substituting a predetermined
rendering a substitute text message for any of said selected encrypted elements in said output
document which cannot be decrypted for said individual user or process by said step of decrypting
said output document.
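
The key distribution scheme laid out in Claims 54 through 60 (one symmetric key per community, wrapped separately to each member's public key, carried in a per-community key class, and unwrapped on the client only for the classes that name the viewer, with a substitute message rendered for everything else) is illustrated below. This is an added example written for this page, not code from the patent or from the applicant; the type and function names (Member, KeyClass, EncryptedElement, NewKeyClass, EncryptElement, DecryptForMember, Scenario), the communities "finance" and "hr", the sample values, and the `must` helper that panics on error are all assumptions made for the illustration. It uses only Go's standard library. Claim 56 names a cipher block chaining mode; the example uses AES-256-GCM instead so that a tampered element fails to decrypt rather than decrypting to garbage, and RSA-OAEP for the per-member wrapping that Claims 55 and 59 describe.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Member holds a viewer's key pair; the producer only ever uses the public half.
type Member struct {
	ID   string
	Priv *rsa.PrivateKey
}

// KeyClass follows claim 57: an algorithm identifier (carrying the key length) and,
// per member ID, a copy of the community key wrapped to that member's public key.
type KeyClass struct {
	Community, Algorithm string
	WrappedKeys          map[string][]byte // member ID -> RSA-OAEP wrapped community key
}

// EncryptedElement replaces the value of an element that carried an encryption tag.
type EncryptedElement struct {
	Name, Community   string
	Nonce, Ciphertext []byte
}

// SubstituteText is rendered for elements the viewer cannot decrypt (claim 60).
const SubstituteText = "[content not available to this user]"
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// NewKeyClass draws a fresh 256-bit key for the community and wraps it separately for
// every member (claims 54, 55, 57); the community name is the OAEP label, so a wrapped
// key cannot be transplanted into another key class.
func NewKeyClass(community string, members []*Member) (*KeyClass, []byte) {
	key := make([]byte, 32)
	must(rand.Read(key))
	kc := &KeyClass{community, "AES-256-GCM", map[string][]byte{}}
	for _, m := range members {
		kc.WrappedKeys[m.ID] = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &m.Priv.PublicKey, key, []byte(community)))
	}
	return kc, key
}

// EncryptElement seals one tagged element under its community key; the element name is
// bound as associated data so ciphertexts cannot be swapped between elements.
func EncryptElement(name, community, value string, key []byte) *EncryptedElement {
	a := aead(key)
	nonce := make([]byte, a.NonceSize())
	must(rand.Read(nonce))
	return &EncryptedElement{name, community, nonce, a.Seal(nil, nonce, []byte(value), []byte(name))}
}

// DecryptForMember is the client step of claims 59 and 60: unwrap the community key from
// every key class naming this member, decrypt the elements encrypted for those
// communities, and substitute a fixed message for every element the member may not view.
func DecryptForMember(m *Member, classes []*KeyClass, elems []*EncryptedElement) map[string]string {
	keys := map[string][]byte{}
	for _, kc := range classes {
		if w, ok := kc.WrappedKeys[m.ID]; ok {
			if key, err := rsa.DecryptOAEP(sha256.New(), nil, m.Priv, w, []byte(kc.Community)); err == nil {
				keys[kc.Community] = key
			}
		}
	}
	out := map[string]string{}
	for _, e := range elems {
		out[e.Name] = SubstituteText
		if key, ok := keys[e.Community]; ok {
			if pt, err := aead(key).Open(nil, e.Nonce, e.Ciphertext, []byte(e.Name)); err == nil {
				out[e.Name] = string(pt)
			}
		}
	}
	return out
}

// Scenario uses constructed sample data: alice is in "finance" and "hr", bob only in "finance".
func Scenario() (alice, bob map[string]string) {
	a := &Member{"alice", must(rsa.GenerateKey(rand.Reader, 2048))}
	b := &Member{"bob", must(rsa.GenerateKey(rand.Reader, 2048))}
	finKC, finKey := NewKeyClass("finance", []*Member{a, b})
	hrKC, hrKey := NewKeyClass("hr", []*Member{a})
	classes := []*KeyClass{finKC, hrKC}
	elems := []*EncryptedElement{
		EncryptElement("salary", "finance", "98000", finKey),
		EncryptElement("review", "hr", "exceeds expectations", hrKey),
	}
	return DecryptForMember(a, classes, elems), DecryptForMember(b, classes, elems)
}

func main() { fmt.Println(Scenario()) }
```

Running `Scenario` shows alice reading both elements while bob sees the "salary" value and the substitute text for "review": the output document carries one wrapped key per community member, never a member's private key, and the producer's plaintext community keys exist only while the document is being created. The OAEP label ties each wrapped key to its key class, and the element name as associated data ties each ciphertext to its element, which is what stops a relabelled key class or a moved ciphertext from decrypting.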

Claim 61 (original): The method according to Claim 43, wherein said DTD is replaced by a 
schema. 

Claim 62 (currently amended): The method according to Claim 51, wherein Claim 43, wherein
said encryption requirement further comprises specification of an encryption key length.

Claim 63 (original): The method according to Claim 50, wherein said inserted encryption tags 
may surround either values of said elements or values and tags of said elements. 